Protocol Root

Closing the Supervisory Latency Gap in Agentic AI.

VEIP v0.1.2

Status: Candidate Specification

Scope: Defines timing, integrity, custody, and evidence requirements for machine-mediated action. Bridges the gap between machine-speed execution and human-speed audit.

Executive Summary

VEIP is the definitive execution-time authorization protocol for machine-mediated actions in regulated systems. It enforces the creation of a cryptographically verifiable Authorization Evidence Pack (AEP) before a governed action crosses its declared execution boundary.

Problem Definition

Modern agentic systems trigger high-materiality events at machine speed. Traditional logs written post-hoc are insufficient for safety-critical oversight. VEIP provides a technical prerequisite: Technical Admissibility of every transition, recorded at the commit edge.

The Supervisory Shift (Old vs. New)

| Traditional Governance | VEIP Protocol |
| --- | --- |
| Post-hoc logs written after damage finalization. | Pre-commit AEP required before state transition. |
| Manual narrative review and sampling. | Deterministic validation and logic replay. |

AEP_LOGICAL_LIFECYCLE

1. Request → 2. Policy Registry Check → 3. Evaluation → 4. AEP Signed
                                                               ↓
5. Gate Decision: PASS | FAIL | ESCALATE ←—————————————————————
           ↓
6. Commit Boundary (DB/Ledger Write) ——————————————————————————→ 7. Evidence Anchor
                                                               ↓
8. Supervisory Audit (Replay Verification) ←———————————————————

Applicability & Proportionality

Tiered requirements based on systemic risk.

Tier R1

Low Materiality

Requirements: AEP Schema compliance (Marker A1).

Tier R2

Material Actions

Requirements: Pre-commit gating + audit export (Markers A1, B1).

Tier R3

Safety / Systemic

Requirements: Custody-bound escalation + deterministic replay (Markers A1-D1).

AEP Core Specification

| Field Name | Requirement | Description |
| --- | --- | --- |
| aep_version | MUST | Protocol version identifier (e.g., "0.1.2"). |
| aep_id | MUST | Globally unique identifier for the artifact. |
| timestamp_utc | MUST | RFC 3339 formatted timestamp of evaluation. |
| evaluation_result | MUST | PASS \| FAIL \| ESCALATE. |
| policy_hash | MUST | SHA-256 digest of the certified policy artifact. |
| custody_chain | MUST | Ordered list of Public Key references. |

State-Transition Integrity (STI) Model

Mathematical proof for execution-time oversight.

System Definition

Let $\mathcal{S}$ be a finite set of system states, $\mathcal{E}$ be a set of execution requests, $\mathcal{P}$ be the set of certified policy artifacts, and $\mathcal{AEP}$ be the set of authorization evidence artifacts.

  • $\delta : \mathcal{S} \times \mathcal{E} \to \mathcal{S}$ (transition function)
  • $\gamma : (\mathcal{S} \times \mathcal{E} \times \mathcal{P}) \to \Omega$ (policy evaluation function), where $\Omega = \{PASS, FAIL, ESCALATE\}$
  • $\sigma : \mathcal{AEP} \to \{0, 1\}$ (verification function)

STI-01: Admissibility Constraint

A state transition from $s_i$ to $s_j$ is Authorized iff there exists an active policy $P_k$ and a valid artifact $AEP_m$:

$$ \exists P_k \in \text{Registry}_{\text{active}} \quad \text{s.t.} \quad \gamma(s_i, e_n, P_k) \in \{PASS, ESCALATE\} $$

$$ \wedge \quad \sigma(AEP_m) = 1 \quad \wedge \quad \text{timestamp}(AEP_m) \leq \text{commit}(\delta(s_i, e_n)) $$

STI-02: Enforcement model

$$ \delta_v(s_i, e_n) = \begin{cases} \delta(s_i, e_n) & \text{if conditions (STI-01) are satisfied} \\ s_i & \text{otherwise} \end{cases} $$
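
A pre-commit gate implementing STI-01 and STI-02, added here as an example; it is not part of the VEIP specification or any reference implementation. Assumptions: HMAC-SHA256 stands in for the ECDSA P-256 / Ed25519 signature so the block runs on the standard library alone, the signature covers canonical JSON of all other fields, and the gate trusts the signed `evaluation_result` instead of recomputing $\gamma$. The names `gated_transition`, `sigma`, `debit`, `run` and all sample values are illustrative.

```python
import hashlib, hmac, json
from datetime import datetime

ADMISSIBLE = {"PASS", "ESCALATE"}  # gamma outcomes that STI-01 admits

def canonical(aep):  # bytes the signature covers: every field except the signature
    body = {k: v for k, v in aep.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(aep, key):
    """Stand-in signer (HMAC-SHA256); the profile calls for ECDSA P-256 or Ed25519."""
    return {**aep, "signature": hmac.new(key, canonical(aep), hashlib.sha256).hexdigest()}

def sigma(aep, key):
    """Verification function sigma: 1 if the AEP verifies, otherwise 0."""
    try:
        return int(hmac.compare_digest(sign(aep, key)["signature"], aep["signature"]))
    except (KeyError, TypeError):
        return 0

def parse_ts(value):  # RFC 3339 string -> aware datetime ("Z" mapped for older Pythons)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def gated_transition(state, request, aep, active_registry, key, delta, commit_ts):
    """delta_v of STI-02: apply delta only when STI-01 holds, else keep the state."""
    try:
        admissible = (
            aep["policy_hash"] in active_registry          # P_k in Registry_active
            and aep["evaluation_result"] in ADMISSIBLE     # recorded gamma result
            and sigma(aep, key) == 1                       # sigma(AEP_m) = 1
            and parse_ts(aep["timestamp_utc"]) <= parse_ts(commit_ts)
        )
    except (KeyError, TypeError, ValueError, AttributeError):
        admissible = False  # missing or malformed evidence: fail closed
    return delta(state, request) if admissible else state

# Constructed sample data (not taken from the specification).
KEY = b"constructed-demo-key"
POLICY_HASH = hashlib.sha256(b"constructed policy v7").hexdigest()
AEP = sign({"aep_version": "0.1.2", "aep_id": "00000000-0000-4000-8000-000000000001",
            "timestamp_utc": "2026-02-11T15:42:03Z", "evaluation_result": "PASS",
            "policy_hash": POLICY_HASH, "custody_chain": ["SYS_KEY_01"]}, KEY)

def debit(state, request):  # toy delta: a ledger write
    return {**state, "balance": state["balance"] - request["amount"]}

def run(aep, commit_ts="2026-02-11T15:42:04Z"):  # one constructed request through the gate
    return gated_transition({"balance": 100}, {"amount": 30}, aep, {POLICY_HASH}, KEY, debit, commit_ts)

print(run(AEP), run({**AEP, "evaluation_result": "ESCALATE"}))
```

The second call passes an AEP edited after signing, so $\sigma$ returns 0 and the state is returned unchanged.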

STI-03: Replay Constraint

$$ \mathcal{R}(s_i, e_n, P_k, AEP_m.\text{constraint\_hash}) = \gamma(s_i, e_n, P_k) $$

"Where deterministic replay is not feasible, implementations MUST declare bounded replay tolerances in the relevant annex."

Cryptographic Profile

Required Primitives

  • Hashing: SHA-256 / SHA-3-256.
  • Signatures: ECDSA P-256 or Ed25519.
  • Custody: HSM-backed keys for human approvals.

Operational Integrity

  • Time: RFC 3161 TSA or signed monotonic counter.
  • Lifecycle: Verified public key manifest required.
  • Rotation: Algorithm rotation with 24-month deprecation.

Oversight Ontology

Execution Boundary

The point where a state transition is finalized (DB commit, ledger write).

Normative: AEP finalized PRIOR to boundary.

Authorization Evidence Pack (AEP)

Immutable bundle of policy_hash, constraint_hash, custody_chain, and results.

Normative: Unique per machine action.

Threat Model

Threats Prevented

  • Unauthorized Admission: Execution without policy resolution.
  • Policy Drift: Execution diverges from certified logic version.
  • Forensic Scrubbing: Deletion of audit trails post-incident.

Operational Assumptions

  • System clocks are auditable and synchronized.
  • Policy registry is highly available and queryable.
  • Instrumentation Integrity: Declared boundary is actual commit boundary.

Operational Resilience

Degradation & Fail-Closed Objectives

  • AEP generation failure MUST default to BLOCK or ESCALATE.
  • Partial evidence writes MUST be detectable via hash mismatch.
  • Examiners MUST have Exam Mode access to AEPs during incidents.

Conformance Model

L1

Schema

Structural validity only.

L2

Boundary

Pre-commit gating active.

L3

Integrity

Full Replay + Custody Verification.

Examiner Playbook

Verification Checklist

  • 1. Request Boundary-to-Code Mapping.
  • 2. Request Replay Harness for 100 sampled events.
  • 3. Verify Public Key Manifest for actors.
  • 4. Verify Policy Hash against active registry snapshot.

Example: ESCALATION_ARTIFACT

TS: 2026-02-11T15:42:03Z

REASON_CODE: CONFIDENCE_LT_POLICY_THRESHOLD

BOUNDARY_ID: core_ledger_gateway_v2

SYS_KEY_ID: SYS_KEY_01

HUMAN_KEY_ID: REVIEWER_KEY_882

POLICY_HASH: 0x82f1...a21c

Incident Reporting

IC-1: Unauthorized Commit
IC-2: Custody Break
IC-3: Registry Divergence
IC-4: Replay Failure

Supervisory Verification Interface (SVI)

API specifications for regulatory examination.

/svi/v1/manifest/keys

Returns the active signing keys for human and system actors in the custody chain.

/svi/v1/verify/replay

Triggers deterministic logic replay using AEP + context hash. Output MUST match `constraint_hash`.
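
A sketch of the replay check behind STI-03 and checklist items 2 and 4, added here as an example; it is not the SVI implementation or code from the specification. Assumptions: `constraint_hash` is SHA-256 over canonical JSON of the recorded state, request, policy hash and result, the policy artifact is hashed as canonical JSON, `gamma` is a toy policy, and the mapping of failures to IC-3 and IC-4 is this example's own reading of the incident classes.

```python
import hashlib, json

def digest(obj):  # SHA-256 over canonical JSON (assumed encoding for hashed artifacts)
    return hashlib.sha256(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

def gamma(state, request, policy):
    """Toy deterministic policy evaluation; the threshold comes from the policy artifact."""
    if request["amount"] > state["balance"]:
        return "FAIL"
    if request["confidence"] < policy["min_confidence"]:
        return "ESCALATE"
    return "PASS"

def constraint_hash(state, request, policy_hash, result):
    return digest({"state": state, "request": request, "policy": policy_hash, "result": result})

def replay(record, registry_snapshot):
    """R of STI-03 for one stored event: None if it reproduces, else an incident class."""
    aep = record["aep"]
    policy = registry_snapshot.get(aep["policy_hash"])
    if policy is None or digest(policy) != aep["policy_hash"]:
        return "IC-3"   # policy not in the snapshot, or snapshot content altered
    result = gamma(record["state"], record["request"], policy)
    expected = constraint_hash(record["state"], record["request"], aep["policy_hash"], result)
    return None if (result, expected) == (aep["evaluation_result"], aep["constraint_hash"]) else "IC-4"

def record_event(aep_id, state, request, policy):   # builds constructed sample events
    ph, result = digest(policy), gamma(state, request, policy)
    return {"state": state, "request": request, "aep": {
        "aep_id": aep_id, "policy_hash": ph, "evaluation_result": result,
        "constraint_hash": constraint_hash(state, request, ph, result)}}

# Constructed sample data: two policy versions, only V2 is in the examiner's snapshot.
V1 = {"min_confidence": 0.5}
V2 = {"min_confidence": 0.9}
SNAPSHOT = {digest(V2): V2}
good = record_event("aep-1", {"balance": 100}, {"amount": 30, "confidence": 0.7}, V2)
drift = record_event("aep-2", {"balance": 100}, {"amount": 30, "confidence": 0.7}, V1)
edited = record_event("aep-3", {"balance": 100}, {"amount": 30, "confidence": 0.7}, V2)
edited["request"]["amount"] = 3000      # stored context changed after the AEP was issued

def audit(records, snapshot):
    return {r["aep"]["aep_id"]: replay(r, snapshot) for r in records}

print(audit([good, drift, edited], SNAPSHOT))
```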

Regulatory Alignment Matrix

BaFin: BAIT / VAIT (Germany)

Section 10 (Traceability of Approvals). VEIP proves, via bit-exact AEPs, that no unauthorized software execution occurred.

"Interpretation aid only; no compliance claim implied."

DORA (EU)

Article 17: Rigorous evidence of significant ICT change. Satisfies execution-time verification requirements.

"Interpretation aid only; no compliance claim implied."

MAS FEAT (Singapore)

Accountability and Transparency in AI/DA. VEIP ensures custody of every machine decision.

"Interpretation aid only; no compliance claim implied."

Governance Charter

Article 1: Neutrality Safeguards

"The Editorial Board excludes voting members with a material commercial dependency (>5% equity ownership) in commercial Policy-As-Code vendors."

Article 2: Public Comment Record

All material changes require a 90-day review period and immutable archive logging.

"The current governance model is editorial and transitional pending broader public stewardship."

Publications & Artifacts

White Paper
Beyond Enforcement: Legitimacy Protocol in Autonomous Systems

CITATION: VEIP Board. v1.2. 2026. veraxis.protocol/v0.1.2/wp-legitimacy

Specification
AEP Core Specification v0.1.2
Technical Artifact
AEP v0.1.2 — JSON Schema (Draft)

AEP JSON Schema

Illustrative excerpt. Canonical schema governs conformance.

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "VEIP Authorization Evidence Pack",
  "properties": {
    "aep_version": { "type": "string", "const": "0.1.2" },
    "aep_id": { "type": "string", "format": "uuid" },
    "execution_boundary": { "type": "string" },
    "constraint_hash": { "type": "string" },
    "stop_right_triggered": { "type": "boolean" },
    "signature": { "type": "string" }
  }
}

Public Consultation

Phase 1 Institutional Review period: January 2027.

Eligible contributors (supervisors, audit partners) may submit comments via RFC-VEIP-COMMENT format to the Editorial Board. All submissions are archived for public record.